From 091d1a034476425e7b36cd6990bab077005935ed Mon Sep 17 00:00:00 2001 From: "rpotts%netscape.com" Date: Tue, 10 Nov 1998 07:06:02 +0000 Subject: [PATCH] do not allow the stream listener to be freed during a call to OnDataAvailable... It is possible, that OnStopBinding() wil lbe called while the listener is processing the data (ie. the URL load is interrupted). If this happens, do not free the listener until the OnDataAvailable() call has finished... --- uriloader/base/nsDocLoader.cpp | 14 +++++++++++++- webshell/src/nsDocLoader.cpp | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/uriloader/base/nsDocLoader.cpp b/uriloader/base/nsDocLoader.cpp index 22cfa9ed659..c664caea72d 100644 --- a/uriloader/base/nsDocLoader.cpp +++ b/uriloader/base/nsDocLoader.cpp @@ -1348,7 +1348,19 @@ NS_METHOD nsDocumentBindInfo::OnDataAvailable(nsIURL* aURL, NS_PRECONDITION(nsnull !=m_NextStream, "DocLoader: No stream for document"); if (nsnull != m_NextStream) { - rv = m_NextStream->OnDataAvailable(aURL, aStream, aLength); + /* + * Bump the refcount in case the stream gets destroyed while the data + * is being processed... If Stop(...) is called the stream could be + * freed prematurely :-( + * + * Currently this can happen if javascript loads a new URL + * (via nsIWebShell::LoadURL) during the parse phase... + */ + nsIStreamListener* listener = m_NextStream; + + NS_ADDREF(listener); + rv = listener->OnDataAvailable(aURL, aStream, aLength); + NS_RELEASE(listener); } done: diff --git a/webshell/src/nsDocLoader.cpp b/webshell/src/nsDocLoader.cpp index 22cfa9ed659..c664caea72d 100644 --- a/webshell/src/nsDocLoader.cpp +++ b/webshell/src/nsDocLoader.cpp @@ -1348,7 +1348,19 @@ NS_METHOD nsDocumentBindInfo::OnDataAvailable(nsIURL* aURL, NS_PRECONDITION(nsnull !=m_NextStream, "DocLoader: No stream for document"); if (nsnull != m_NextStream) { - rv = m_NextStream->OnDataAvailable(aURL, aStream, aLength); + /* + * Bump the refcount in case the stream gets destroyed while the data + * is being processed... If Stop(...) is called the stream could be + * freed prematurely :-( + * + * Currently this can happen if javascript loads a new URL + * (via nsIWebShell::LoadURL) during the parse phase... + */ + nsIStreamListener* listener = m_NextStream; + + NS_ADDREF(listener); + rv = listener->OnDataAvailable(aURL, aStream, aLength); + NS_RELEASE(listener); } done: